lokibot | b916cd21d5759f9c2e98aed2297b0d2f0201f8390347856b37e493e808132153 | Triage

Sharing

General

Target

b916cd21d5759f9c2e98aed2297b0d2f0201f8390347856b37e493e808132153.exe
Size

814KB
Sample

210727-beqygd4n8x
MD5

541bb6e026f837faa2b64b31b0a2ec0c
SHA1

1cd6d3ceae4177bba8add5ef473b80edb6bc55d3
SHA256

b916cd21d5759f9c2e98aed2297b0d2f0201f8390347856b37e493e808132153
SHA512

2c880847e2fbf0f221eeae08c8997ad9b36c8f32e00d93ca3fdf9283bf895160378f3839770643353bb2fdccf7a529f02040881efef7d5cb2b91732c66ccede9

Score

10^/10

lokibot spyware stealer suricata trojan

Malware Config

Extracted

Family

lokibot

C2

http://192.236.179.121/new/zubby/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  b916cd21d5759f9c2e98aed2297b0d2f0201f8390347856b37e493e808132153.exe
- Size
  
  814KB
- MD5
  
  541bb6e026f837faa2b64b31b0a2ec0c
- SHA1
  
  1cd6d3ceae4177bba8add5ef473b80edb6bc55d3
- SHA256
  
  b916cd21d5759f9c2e98aed2297b0d2f0201f8390347856b37e493e808132153
- SHA512
  
  2c880847e2fbf0f221eeae08c8997ad9b36c8f32e00d93ca3fdf9283bf895160378f3839770643353bb2fdccf7a529f02040881efef7d5cb2b91732c66ccede9
Score

10^/10

lokibot spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealersuricatatrojan

behavioral2

lokibotspywarestealersuricatatrojan